FIX CORS Filtering, Unit List in GeoJSON format

Fixing CORS filters in old Servlets
Added service /DataService?Operation=GetUnitsGeoJson

src/main/java/cz/hsrs/db/util/UserUtil.java

@@ -11,6 +11,8 @@ import cz.hsrs.db.model.Unit;
 import cz.hsrs.db.model.UnitPosition;
 import cz.hsrs.db.model.composite.LastPosition;
 import cz.hsrs.db.pool.SQLExecutor;
+import net.sf.json.JSONArray;
+import net.sf.json.JSONObject;
 
 /**
  * @author jezekjan
@@ -463,4 +465,44 @@ public class UserUtil extends GroupUtil {
         }
         return res;
     }
+    
+    /**
+     * 
+     * @param userName
+     * @return
+     * @throws SQLException
+     */
+    public static String getUnitsGeoJson(String userName) throws SQLException {
+    	String query = "SELECT unit_id, description, type_name, altitude, time_stamp, st_asgeojson(the_geom) AS geom"
+    			+ " FROM public.unit_groups_description_position"
+    			+ " WHERE id = (SELECT group_id FROM system_users WHERE user_name = '"+userName+"')"
+    			+ " AND the_geom IS NOT NULL AND (st_x(the_geom) != 0 OR st_y(the_geom) != 0)"
+    			+ " ORDER BY unit_id;";
+    	ResultSet res = SQLExecutor.getInstance().executeQuery(query);
+    	JSONObject geojson = new JSONObject();
+    	if(res != null) {
+    		geojson.element("type", "FeatureCollection");
+        	JSONArray features = new JSONArray();
+        	
+        	while (res.next()) {
+        		JSONObject feature = new JSONObject();
+            	feature.element("type", "Feature");
+            	
+            	JSONObject properties = new JSONObject();
+            	properties.element("unit_id", res.getString("unit_id"));
+            	properties.element("description", res.getString("description"));
+            	properties.element("type_name", res.getString("type_name"));
+            	properties.element("altitude", res.getDouble("altitude"));
+            	properties.element("time_stamp", res.getString("time_stamp")+"00");
+            	feature.element("properties", properties);
+            	
+            	String geometry = res.getString("geom");
+            	feature.element("geometry", geometry);
+            	
+            	features.add(feature);
+        	}        	
+        	geojson.element("features", features);
+    	}
+    	return geojson.toString();   	
+    }
 }

src/main/java/cz/hsrs/servlet/provider/DataService.java

@@ -17,6 +17,7 @@ import cz.hsrs.db.model.UnitTrack;
 import cz.hsrs.db.model.composite.LastPosition;
 import cz.hsrs.db.model.composite.RealUnit;
 import cz.hsrs.db.model.custom.UnitPositionSimple;
+import cz.hsrs.db.util.UserUtil;
 import cz.hsrs.db.util.UtilFactory;
 import cz.hsrs.servlet.feeder.ServiceParameters;
 import cz.hsrs.servlet.security.LoginUser;
@@ -43,7 +44,8 @@ public class DataService extends DBServlet {
     public static final String GET_POSITIONS = "GetPositions";
     public static final String GET_POSITIONS_RANGE = "GetPositionsDay";
     public static final String GET_UNITS_LIST = "GetUnitsList";
-
+    public static final String GET_UNITS_GEOJSON = "GetUnitsGeoJson";
+    
     private UtilFactory db;
 
     public DataService() {
@@ -83,8 +85,16 @@ public class DataService extends DBServlet {
             throw new ServletException("Authentication failure for request "+ request.getQueryString());
         }
 
-        response.addHeader("Access-Control-Allow-Origin", "*");
+        /* CORS Filtering */
+        String originDomain = request.getHeader("origin");
+        originDomain = originDomain == null ? "*" : originDomain;
+        response.addHeader("Access-Control-Allow-Origin", originDomain);
+        response.addHeader("Access-Control-Allow-Headers", "origin, content-type, accept, authorization");
+        response.addHeader("Access-Control-Allow-Credentials", "true");
+        response.addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS, HEAD");
+        
         response.addHeader(HttpHeaders.CONTENT_TYPE, "application/json");
+        
         /*
          * /DataService?Operation=GetUnits&user=telemetry&unit_id=356173060488215
          * /DataService?Operation=GetTracks&user=telemetry&limit=500
@@ -94,6 +104,7 @@ public class DataService extends DBServlet {
          * /DataService?Operation=GetPositions&user=telemetry&limit=500
          * /DataService?Operation=GetPositionsDay&user=telemetry&unit_id=356173060488215&fromTime=2016-02-01&toTime=2016-02-04&ordering=desc
          * /DataService?Operation=GetUnitsList&user=telemetry
+         * /DataService?Operation=GetUnitsGeoJson
          */
         PrintWriter out = response.getWriter();
         try {
@@ -123,6 +134,10 @@ public class DataService extends DBServlet {
                 case GET_UNITS_LIST: {
                     DBJsonUtils.writeJSON(out, db.userUtil.getUnitsByUser(params.getUser()));
                 } break;
+                case GET_UNITS_GEOJSON:{
+                	out.write(UserUtil.getUnitsGeoJson(params.getUser()));
+                	//DBJsonUtils.writeJSON(out, UserUtil.getUnitsGeoJson(params.getUser()));
+                } break;
                 default:
                     throw new NullPointerException("No operation specified.");
             }

src/main/java/cz/hsrs/servlet/provider/GroupService.java

@@ -56,7 +56,14 @@ public class GroupService extends DBServlet{
             throw new ServletException("Authentication failure for request "+ request.getQueryString());
         }
 
-        response.addHeader("Access-Control-Allow-Origin", "*");
+        /* CORS Filtering */
+        String originDomain = request.getHeader("origin");
+        originDomain = originDomain == null ? "*" : originDomain;
+        response.addHeader("Access-Control-Allow-Origin", originDomain);
+        response.addHeader("Access-Control-Allow-Headers", "origin, content-type, accept, authorization");
+        response.addHeader("Access-Control-Allow-Credentials", "true");
+        response.addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS, HEAD");
+        
         response.addHeader(HttpHeaders.CONTENT_TYPE, "application/json;charset=UTF-8");
 
         PrintWriter out = response.getWriter();

src/main/java/cz/hsrs/servlet/provider/ManagementService.java

@@ -122,7 +122,14 @@ public class ManagementService extends DBServlet {
     @Override
     protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
         response.addHeader(HttpHeaders.CONTENT_TYPE, JSON_CONTENT);
-        response.addHeader("Access-Control-Allow-Origin", "*");
+        
+        /* CORS Filtering */
+        String originDomain = request.getHeader("origin");
+        originDomain = originDomain == null ? "*" : originDomain;
+        response.addHeader("Access-Control-Allow-Origin", originDomain);
+        response.addHeader("Access-Control-Allow-Headers", "origin, content-type, accept, authorization");
+        response.addHeader("Access-Control-Allow-Credentials", "true");
+        response.addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS, HEAD");
         
         LoginUser loggedUser = getUserBySession(request);
 
@@ -162,7 +169,14 @@ public class ManagementService extends DBServlet {
     @Override
     protected void doPut(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
         response.addHeader(HttpHeaders.CONTENT_TYPE, JSON_CONTENT);
-        response.addHeader("Access-Control-Allow-Origin", "*");
+        
+        /* CORS Filtering */
+        String originDomain = request.getHeader("origin");
+        originDomain = originDomain == null ? "*" : originDomain;
+        response.addHeader("Access-Control-Allow-Origin", originDomain);
+        response.addHeader("Access-Control-Allow-Headers", "origin, content-type, accept, authorization");
+        response.addHeader("Access-Control-Allow-Credentials", "true");
+        response.addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS, HEAD");
 
         LoginUser loggedUser = getUserBySession(request);
 
@@ -202,7 +216,14 @@ public class ManagementService extends DBServlet {
     @Override
     protected void doDelete(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
         response.addHeader(HttpHeaders.CONTENT_TYPE, JSON_CONTENT);
-        response.addHeader("Access-Control-Allow-Origin", "*");
+        
+        /* CORS Filtering */
+        String originDomain = request.getHeader("origin");
+        originDomain = originDomain == null ? "*" : originDomain;
+        response.addHeader("Access-Control-Allow-Origin", originDomain);
+        response.addHeader("Access-Control-Allow-Headers", "origin, content-type, accept, authorization");
+        response.addHeader("Access-Control-Allow-Credentials", "true");
+        response.addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS, HEAD");
 
         LoginUser loggedUser = getUserBySession(request);
 

src/main/java/cz/hsrs/servlet/provider/SensorService.java

@@ -57,7 +57,14 @@ public class SensorService extends DBServlet {
             throw new ServletException("Authentication failure for request "+ request.getQueryString());
         }
         
-        response.addHeader("Access-Control-Allow-Origin", "*");
+        /* CORS Filtering */
+        String originDomain = request.getHeader("origin");
+        originDomain = originDomain == null ? "*" : originDomain;
+        response.addHeader("Access-Control-Allow-Origin", originDomain);
+        response.addHeader("Access-Control-Allow-Headers", "origin, content-type, accept, authorization");
+        response.addHeader("Access-Control-Allow-Credentials", "true");
+        response.addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS, HEAD");
+        
         response.addHeader(HttpHeaders.CONTENT_TYPE, "application/json;charset=UTF-8");
 
         /*